An Organizational Unit is a container you use to create structure within a domain. Organizational Units are the most fundamental Active Directory entities to which one can link group policies and delegate administrative privileges. Therefore, any error in configuring or modifying an OU could compromise the functionality and integrity of an entire business unit, its users, computer accounts, and other resources.
OU Management: A Crucial IT Task
To manage an OU, you need to open the native AD console, locate the OU within the domain, and then perform the desired actions. When managing multiple OUs, actions must be replicated for each OU. While PowerShell commands and scripts could alternatively be used, they certainly aren't the best option because they require extensive coding expertise.
Creating and managing a single OU is relatively simple; however, when there are strategic changes in the organization such as team restructuring or vertical expansion. Corporate expansions like mergers or acquisitions require IT admins to perform an endless list of cumbersome processes that include OU creation and modification, in the order of thousands. OU management is a critical yet cumbersome task for IT administrators.
Why OU Management in Office 365 keeps you up at night?
Despite all the advantages and features it provides, Office 365 also brings increased complexity and additional challenges related to the management of user identities and access. Office 365 management, thus can add more tasks for organizations who are already juggling multiple initiatives. One of the biggest problems is getting users into the organization's Office 365 tenants, and then granting specific users access to the Office 365 services. As explained before, this is usually performed using Organizational Units (OUs) within AD in an on-prem configuration. But when you migrated to office 365 there is no such functionality.
The right solution to handle that challenge
GSX 365 Enterprise Management uses a unique, hierarchical approach to user management. What this does is allow you to break down your employees into distinct Organizational Units (OUs) that share like attributes. While you can have shared attributes across all OUs in your organization, you can also have specific attributes that are unique to individual OUs, and OUs will also automatically inherit the attributes of their parent OUs. SuperClick engine allows you to apply bulk actions to any OU so that once the hierarchy is set up and proper attributes have been defined, you can move thousands of users into or out of any OU with a single click and they will automatically assume the desired attributes.
NEW: Assigning Admin access rights to one or many OUs
IT managers of large organizations now need a way to assign their IT administrators to one or many OUs within the tenant hierarchy. As a result, GSX 365 Enterprise Management is introducing extensions to its Role Based Access Controls (“RBAC”) functionality to allow for IT managers to grant administrative access to each IT administrator granularity down to the OU level.
The use of Role-Based Access Control allows more users to have a say in the administration of Office 365, makes delegation of Office 365 management tasks much easier and gives a higher yield on the return on investment of Office 365. With this new capability, any IT administrator can be assigned to one or many OUs and they will have restricted access to specific users of the assigned OUs that they are responsible for.
This results in creating “Administrative Boundaries” for each IT administrator and each tenant. Since OUs are created on a per tenant basis, OU privileges will be unique for each tenant that an IT administrator is responsible for. There are no limits on the amount of OUs or the combination of OUs that an Admin can be assigned to.
Applying the principle of least privilege, administrative tasks related to the management of Office 365 can be delegated granularly without giving anyone more access than needed.